dll host consume ram

jikugawa

New Member
Thread author
Apr 15, 2014
10
Hello everybody! My PC got this symptom from three days ago.... not installed anything much... but the RAM consumed till 90% after two hours on, and I was only using Chrome that time.......

and i already uploaded the scanlog too..
 

Attachments

  • aswMBR.txt
    1.6 KB · Views: 66
  • FRST_15-04-2014_21-15-20.txt
    96.7 KB · Views: 155
  • ComboFix.txt
    37.5 KB · Views: 167

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


Who told you to run ComboFix? ComboFix is a complex and very powerful tool, not intended for everyday use. It should be run only when asked and under guidance by a trained malware removal expert. Don't run ComboFix on your own!!!


Open notepad and copy/paste the text present inside the code box below:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
Folder::
c:\programdata\SNT
c:\program files (x86)\SNT
c:\programdata\SuperbApp
c:\programdata\YoutubeAdblocker
c:\programdata\save Neti
c:\program files (x86)\save Net
c:\programdata\InstallMate
c:\programdata\e8bfc10261579107
c:\users\user\AppData\Local\Torch
c:\program files (x86)\Conduit
c:\programdata\Conduit
c:\users\user\AppData\Local\FilesFrog Update Checker
c:\users\user\AppData\Local\Conduit
c:\program files (x86)\Webfuii

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackgroundContainer"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000000

Driver::
Update Webfuii
Util Webfuii
BprotectEx

ClearJavaCache::

Save this as CFScript.txt

CFScriptB-4.gif


Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )



***** NEXT *****



Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait while the tool does not start...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

    Code:
    createsrpoint;
    emptyfolderscheck;delete
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after reboot)
  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"



***** NEXT *****



Re-run FRST again, check Addition.txt, press Scan, and attach both reports.



==========================================================================================================
Things I need you to do:

- ComboFix report
- Zoek report
- FRST.txt and Addition.txt reports
=======================================================================================================================
 

jikugawa

New Member
Thread author
Apr 15, 2014
10
Sorry sir.... I ran ComboFix due to some post..... sorry...

Btw I noticed another symptom
- the dll host RAM consumption increased when I open the download folder, and it happened after I changed my Chrome skin
- it stabilizes when I'm not opening the download folder
Btw, here's the log
 

Attachments

  • FRST.txt
    89.8 KB · Views: 109

jikugawa

New Member
Thread author
Apr 15, 2014
10
Eeh, how come??? I cannot upload the ComboFix and zoek reports....
Btw sorry for the long reply.. I lost my internet IP after yesterday's scan.
 

Attachments

  • Addition.txt
    36.8 KB · Views: 128

jikugawa

New Member
Thread author
Apr 15, 2014
10
ComboFix 14-04-12.01 - user 04/15/2014 22:19:49.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16324.770 [GMT 7:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\program files (x86)\SNT
c:\program files (x86)\Webfuii
c:\program files (x86)\Webfuii\7za.exe
c:\program files (x86)\Webfuii\bin\7za.exe
c:\program files (x86)\Webfuii\bin\BrowserAdapterS.7z
c:\program files (x86)\Webfuii\bin\FilterApp_C64.exe
c:\program files (x86)\Webfuii\bin\plugins\Webfuii.Bromon.dll
c:\program files (x86)\Webfuii\bin\plugins\Webfuii.BrowserAdapterS.dll
c:\program files (x86)\Webfuii\bin\plugins\Webfuii.CompatibilityChecker.dll
c:\program files (x86)\Webfuii\bin\plugins\Webfuii.PurBrowse.dll
c:\program files (x86)\Webfuii\bin\utilWebfuii.exe
c:\program files (x86)\Webfuii\bin\utilWebfuii.InstallState
c:\program files (x86)\Webfuii\bin\Webfuii.BrowserAdapter.exe
c:\program files (x86)\Webfuii\bin\WebfuiiBA.dll
c:\program files (x86)\Webfuii\bin\WebfuiiBAApp.dll
c:\program files (x86)\Webfuii\updateWebfuii.exe
c:\program files (x86)\Webfuii\updateWebfuii.InstallState
c:\program files (x86)\Webfuii\Webfuii.ico
c:\program files (x86)\Webfuii\WebfuiiUninstall.exe
c:\programdata\Conduit
c:\programdata\Conduit\IE\CT2504091\configutaion.json
c:\programdata\Conduit\IE\CT2504091\SetupIcon.ico
c:\programdata\Conduit\IE\CT2504091\UninstallerUI.exe
c:\programdata\Conduit\Multi\CT2504091\configutaion.json
c:\programdata\Conduit\Multi\CT2504091\SetupIcon.ico
c:\programdata\Conduit\Multi\CT2504091\UninstallerUI.exe
c:\programdata\e8bfc10261579107
c:\programdata\e8bfc10261579107\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
c:\programdata\e8bfc10261579107\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
c:\programdata\e8bfc10261579107\{7DD5E91C-3864-77EC-7635-D14910C2A03E}.old
c:\programdata\e8bfc10261579107\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
c:\programdata\e8bfc10261579107\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
c:\programdata\e8bfc10261579107\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.old
c:\programdata\InstallMate
c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\_Setup.dll
c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\20140410200737.log
c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\Custom.dll
c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\Readme.txt
c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\Setup.dat
c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\Setup.exe
c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\Setup.ico
c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\TsuDll.dll
c:\programdata\save Neti
c:\programdata\SNT
c:\programdata\SuperbApp
c:\programdata\YoutubeAdblocker
c:\programdata\YoutubeAdblocker\n9w.dat
c:\programdata\YoutubeAdblocker\n9w.exe
c:\users\user\AppData\Local\Conduit
c:\users\user\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
c:\users\user\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll
c:\users\user\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll
c:\users\user\AppData\Local\Conduit\Chrome\CT2504091\CHUninstaller.exe
c:\users\user\AppData\Local\Conduit\Chrome\CT2504091\configutaion.json
c:\users\user\AppData\Local\Conduit\Chrome\CT2504091\Uninstaller.ico
c:\users\user\AppData\Local\Conduit\Chrome\CT2504091\UninstallerUI.exe
c:\users\user\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe
c:\users\user\AppData\Local\FilesFrog Update Checker
c:\users\user\AppData\Local\FilesFrog Update Checker\uninstall.exe
c:\users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe
c:\users\user\AppData\Local\Torch
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\background.html
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\content.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\KUr61eXXZ.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\lsdb.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\manifest.json
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\newtab.html
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\124\background.html
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\124\content.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\124\lsdb.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\124\manifest.json
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\124\UJ1VktsAa.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd\5.14\background.html
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd\5.14\content.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd\5.14\lsdb.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd\5.14\manifest.json
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd\5.14\RDJ.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic\1.0\background.html
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic\1.0\content.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic\1.0\csle.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic\1.0\lsdb.js
c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic\1.0\manifest.json
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BPROTECTEX
-------\Service_BprotectEx
-------\Service_Update Webfuii
-------\Service_Util Webfuii
.
.
((((((((((((((((((((((((( Files Created from 2014-03-15 to 2014-04-15 )))))))))))))))))))))))))))))))
.
.
2014-04-15 15:27 . 2014-04-15 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-15 14:11 . 2014-04-15 14:15 -------- d-----w- C:\FRST
2014-04-15 14:01 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B374E8A-15F5-4218-BF8C-2769E0C970B7}\mpengine.dll
2014-04-15 08:47 . 2014-04-15 08:47 -------- d-sh--w- c:\users\user\AppData\Local\EmieUserList
2014-04-15 08:47 . 2014-04-15 08:47 -------- d-sh--w- c:\users\user\AppData\Local\EmieSiteList
2014-04-15 08:47 . 2014-04-15 08:47 -------- d-----w- c:\program files\Recuva
2014-04-15 08:14 . 2014-04-15 08:14 -------- d-----w- c:\program files (x86)\iCare Data Recovery Standard
2014-04-15 07:56 . 2014-04-15 07:56 -------- d-----w- c:\program files (x86)\4Card Recovery
2014-04-14 22:29 . 2010-11-21 03:23 38912 ----a-w- c:\windows\system32\drivers\CompositeBus.sys
2014-04-14 21:53 . 2014-04-14 21:53 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2014-04-14 04:19 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-12 18:59 . 2014-04-12 18:59 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-04-12 18:59 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-04-12 17:10 . 2014-03-21 19:43 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-04-12 17:10 . 2014-03-21 19:43 33568 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-04-10 13:10 . 2014-04-10 13:36 -------- d-----w- c:\program files (x86)\save Neti
2014-04-10 13:10 . 2014-04-10 13:10 -------- d-----w- c:\users\user\AppData\Local\Packages
2014-04-10 13:09 . 2014-04-10 13:09 -------- d-----w- c:\users\user\AppData\Local\Comodo
2014-04-10 13:09 . 2014-04-10 13:09 -------- d-----w- c:\users\HomeGroupUser$
2014-04-10 13:09 . 2014-04-10 13:09 -------- d-----w- c:\users\Guest
2014-04-10 13:09 . 2014-04-10 13:09 -------- d-----w- c:\users\Administrator
2014-04-09 07:21 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-09 06:59 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 06:59 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 06:59 . 2014-02-04 02:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 06:59 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 06:59 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-04-09 06:58 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-04-09 06:58 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-04-09 06:58 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-04-09 06:58 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-04-09 06:58 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-04-09 06:58 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-04-09 06:58 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-04-09 06:58 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-04-09 06:58 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-04-09 06:58 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-04-05 18:06 . 2014-04-12 17:11 -------- d-----w- c:\users\user\AppData\Local\NVIDIA Corporation
2014-04-05 18:05 . 2014-04-05 18:08 -------- d-----w- c:\users\user\AppData\Local\NVIDIA
2014-04-05 13:44 . 2014-04-02 13:27 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-05 13:44 . 2014-04-02 13:27 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
2014-04-05 13:42 . 2014-03-21 19:43 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-04-05 13:42 . 2013-01-29 08:35 1510176 ----a-w- c:\windows\system32\nvhdagenco64.dll
2014-04-05 13:42 . 2013-10-23 10:30 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2014-04-05 13:42 . 2013-10-23 10:30 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2014-04-04 12:35 . 2014-04-05 18:10 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-04-04 03:17 . 2014-02-05 14:47 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F96F5EE-6689-46FD-B462-752295B59C48}\gapaengine.dll
2014-03-29 13:36 . 2014-04-14 18:46 -------- d-----w- c:\users\user\AppData\Roaming\vlc
2014-03-29 02:37 . 2014-04-10 13:37 -------- d-----w- c:\programdata\Log
2014-03-26 09:43 . 2014-03-26 09:43 -------- d-----w- C:\found.000
2014-03-24 22:26 . 2014-03-24 22:26 -------- d-----w- c:\windows\id
2014-03-24 22:26 . 2014-03-24 22:26 -------- d-----w- c:\windows\en
2014-03-24 22:26 . 2014-03-24 22:26 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-03-24 22:25 . 2014-03-24 22:26 -------- d-----w- c:\program files (x86)\Windows Live
2014-03-24 22:24 . 2014-03-24 22:32 -------- d-----w- c:\users\user\AppData\Local\Windows Live
2014-03-24 22:23 . 2014-03-24 22:23 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2014-03-24 22:22 . 2014-03-24 22:22 -------- d-----w- c:\program files\Microsoft Silverlight
2014-03-24 22:22 . 2014-03-24 22:22 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-03-23 10:44 . 2014-03-23 10:44 -------- d-----w- c:\program files (x86)\Vuze
2014-03-23 10:36 . 2014-03-27 01:26 -------- d-----w- c:\users\user\AppData\Roaming\.minecraft
2014-03-23 08:32 . 2014-03-23 08:32 -------- d-----w- c:\users\user\AppData\Roaming\Oracle
2014-03-23 08:31 . 2014-03-23 08:31 -------- d-----w- c:\programdata\Oracle
2014-03-23 08:31 . 2014-03-23 08:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-23 08:31 . 2014-03-23 08:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-23 08:31 . 2014-03-23 08:31 -------- d-----w- c:\program files (x86)\Java
2014-03-23 05:08 . 2014-03-23 05:08 -------- d-----w- c:\program files (x86)\Autodesk
2014-03-23 05:08 . 2014-03-23 05:08 -------- d-----w- c:\users\user\AppData\Local\backburner
2014-03-23 02:19 . 2014-04-15 11:09 -------- d-----w- c:\users\user\AppData\Local\Akamai
2014-03-23 02:19 . 2014-03-23 02:19 -------- d-----w- c:\programdata\Applications
2014-03-23 02:07 . 2014-03-23 02:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-23 02:07 . 2014-03-23 02:07 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-23 02:07 . 2014-03-23 02:07 -------- d-----w- c:\windows\SysWow64\Macromed
2014-03-23 02:07 . 2014-03-23 02:07 -------- d-----w- c:\windows\system32\Macromed
2014-03-22 17:07 . 2014-03-23 05:24 -------- d-----w- c:\programdata\FLEXnet
2014-03-22 17:07 . 2014-03-23 02:20 -------- d-----w- c:\users\user\AppData\Local\Autodesk
2014-03-22 16:52 . 2014-03-22 16:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2014-03-22 16:51 . 2014-03-23 05:08 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2014-03-22 16:51 . 2014-03-23 05:07 -------- d-----w- c:\program files\Autodesk
2014-03-22 16:49 . 2008-07-10 04:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2014-03-22 16:44 . 2014-03-22 16:44 -------- d-----w- C:\Autodesk
2014-03-22 16:41 . 2014-04-05 18:05 -------- d-----w- c:\program files\CCleaner
2014-03-22 04:39 . 2014-03-22 04:39 61112 ----a-w- c:\windows\system32\drivers\wStLib64.sys
2014-03-21 15:40 . 2014-03-21 15:40 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2014-03-21 14:18 . 2014-03-21 15:43 -------- d-----w- c:\users\user\AppData\Local\Installer
2014-03-21 14:06 . 2014-03-21 14:06 -------- d-----w- c:\users\user\AppData\Local\CrashRpt
2014-03-21 14:01 . 2010-05-26 04:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-03-21 14:01 . 2010-05-26 04:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2014-03-21 14:01 . 2010-05-26 04:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-03-21 14:01 . 2010-05-26 04:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-03-21 14:01 . 2010-05-26 04:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-03-21 14:01 . 2010-05-26 04:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-03-21 14:01 . 2010-05-26 04:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-03-21 14:01 . 2010-05-26 04:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-03-21 14:01 . 2006-03-31 05:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2014-03-21 13:59 . 2014-03-23 05:09 -------- d-----w- c:\programdata\Autodesk
2014-03-21 13:59 . 2014-03-22 17:16 -------- d-----w- c:\users\user\AppData\Roaming\Autodesk
2014-03-21 13:52 . 2014-03-21 13:52 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems
2014-03-21 13:52 . 2014-03-21 13:52 -------- d-----w- c:\program files (x86)\UltraISO
2014-03-20 02:51 . 2014-04-04 12:04 -------- d-----w- c:\users\user\AppData\Roaming\Baidu Security
2014-03-20 02:48 . 2014-04-04 12:04 -------- d-----w- c:\program files (x86)\Baidu Security
2014-03-20 02:48 . 2014-04-03 02:46 -------- d-----w- c:\programdata\Baidu Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 05:35 . 2014-03-11 12:35 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-24 22:25 . 2012-07-17 07:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-14 16:43 . 2014-03-14 15:58 135736 ----a-w- c:\windows\system32\vpncmd.exe
2014-03-14 16:05 . 2014-03-14 16:05 28768 ----a-w- c:\windows\system32\drivers\Neo_0009.sys
2014-03-14 16:04 . 2014-03-14 16:04 38240 ----a-w- c:\windows\system32\drivers\see.sys
2014-03-11 02:52 . 2013-09-27 02:53 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 20:01 . 2014-03-06 20:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-03-06 20:01 . 2014-03-06 20:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-03-06 20:01 . 2014-03-06 20:01 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-03-06 20:01 . 2014-03-06 20:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-06 20:01 . 2014-03-06 20:01 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-06 20:01 . 2014-03-06 20:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-06 20:01 . 2014-03-06 20:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-03-06 20:01 . 2014-03-06 20:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-06 20:01 . 2014-03-06 20:01 81408 ----a-w- c:\windows\system32\icardie.dll
2014-03-06 20:01 . 2014-03-06 20:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-03-06 20:01 . 2014-03-06 20:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-06 20:01 . 2014-03-06 20:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-03-06 20:01 . 2014-03-06 20:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-03-06 20:01 . 2014-03-06 20:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-03-06 20:01 . 2014-03-06 20:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-06 20:01 . 2014-03-06 20:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-03-06 20:01 . 2014-03-06 20:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-06 20:01 . 2014-03-06 20:01 413696 ----a-w- c:\windows\system32\html.iec
2014-03-06 20:01 . 2014-03-06 20:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-03-06 20:01 . 2014-03-06 20:01 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-03-06 20:01 . 2014-03-06 20:01 247808 ----a-w- c:\windows\system32\msls31.dll
2014-03-06 20:01 . 2014-03-06 20:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-03-06 20:01 . 2014-03-06 20:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-03-06 20:01 . 2014-03-06 20:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-03-06 20:01 . 2014-03-06 20:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-03-06 20:01 . 2014-03-06 20:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-03-06 20:01 . 2014-03-06 20:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-03-06 20:01 . 2014-03-06 20:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-06 20:01 . 2014-03-06 20:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-03-06 20:01 . 2014-03-06 20:01 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-06 20:01 . 2014-03-06 20:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-03-06 20:01 . 2014-03-06 20:01 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-03-06 20:01 . 2014-03-06 20:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-06 20:01 . 2014-03-06 20:01 774144 ----a-w- c:\windows\system32\jscript.dll
2014-03-06 20:01 . 2014-03-06 20:01 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-03-06 20:01 . 2014-03-06 20:01 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-03-06 20:01 . 2014-03-06 20:01 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 20:01 . 2014-03-06 20:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-06 20:01 . 2014-03-06 20:01 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-03-06 20:01 . 2014-03-06 20:01 235520 ----a-w- c:\windows\system32\url.dll
2014-03-06 20:01 . 2014-03-06 20:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-03-06 20:01 . 2014-03-06 20:01 147968 ----a-w- c:\windows\system32\occache.dll
2014-03-06 20:01 . 2014-03-06 20:01 143872 ----a-w- c:\windows\system32\wextract.exe
2014-03-06 20:01 . 2014-03-06 20:01 13824 ----a-w- c:\windows\system32\mshta.exe
2014-03-06 20:01 . 2014-03-06 20:01 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-03-06 20:01 . 2014-03-06 20:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-06 20:01 . 2014-03-06 20:01 101376 ----a-w- c:\windows\system32\inseng.dll
2014-03-06 13:36 . 2014-03-06 13:36 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-03-06 13:36 . 2014-03-06 13:36 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-03-06 13:36 . 2014-03-06 13:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-03-06 13:36 . 2014-03-06 13:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-03-06 13:36 . 2014-03-06 13:36 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-03-06 13:36 . 2014-03-06 13:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-03-06 13:36 . 2014-03-06 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-03-06 13:36 . 2014-03-06 13:36 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-03-06 13:36 . 2014-03-06 13:36 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-03-06 13:36 . 2014-03-06 13:36 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-03-06 13:36 . 2014-03-06 13:36 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-03-06 13:36 . 2014-03-06 13:36 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-03-06 13:36 . 2014-03-06 13:36 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-03-06 13:36 . 2014-03-06 13:36 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-03-06 13:36 . 2014-03-06 13:36 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-03-06 13:36 . 2014-03-06 13:36 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-03-06 13:36 . 2014-03-06 13:36 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-03-06 13:36 . 2014-03-06 13:36 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-03-06 13:36 . 2014-03-06 13:36 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-03-06 13:36 . 2014-03-06 13:36 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-03-06 13:36 . 2014-03-06 13:36 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-03-06 13:36 . 2014-03-06 13:36 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-03-06 13:36 . 2014-03-06 13:36 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-03-06 13:36 . 2014-03-06 13:36 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-03-06 13:36 . 2014-03-06 13:36 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-03-06 13:36 . 2014-03-06 13:36 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-06 13:36 . 2014-03-06 13:36 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-06 11:08 . 2014-03-06 11:08 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-03-06 11:08 . 2014-03-06 11:08 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-03-04 14:35 . 2014-02-05 14:26 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2014-02-05 14:26 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{858A5679-DEDC-97F1-7504-9897F99E8A08}]
c:\program files (x86)\YoutubeAdblocker\Tk.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2013-11-06 16:53 226592 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F6C07882-D703-4DD5-905A-2C4E815A5066}]
c:\users\user\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\Shopping Suggestion.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"CGFLoader"="d:\calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]
"CalibrizeResume"="d:\calibrize\CalibrizeResume.exe" [2007-11-26 413696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-12-21 3478392]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2014-03-06 295512]
"VideoUsage"="c:\program files (x86)\DoubleOptMedia\VideoUsage.exe" [2014-02-26 1284736]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2014-02-05 1627032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SoftEther VPN Client Manager Startup.lnk - c:\program files\SoftEther VPN Client\vpncmgr_x64.exe /startup [2014-3-29 4489784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys;c:\windows\SYSNATIVE\drivers\see.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 wStLib64;wStLib64;c:\windows\system32\drivers\wStLib64.sys;c:\windows\SYSNATIVE\drivers\wStLib64.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
S2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient_x64.exe;c:\program files\SoftEther VPN Client\vpnclient_x64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0009.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0009.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 12:27 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-23 02:07]
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 11:06]
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 11:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient_x64.exe" [2014-03-29 4298808]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN10359633551056513&UM=1&ctid=CT2504091
mStart Page = hxxp://websearch.amaizingsearches.info/?pid=512&r=2014/04/10&hid=955109179370552787&lg=EN&cc=ID&unqvl=51
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: Interfaces\{778C38D1-4DB0-402E-B4E6-7CFF11A6BC98}: NameServer = 10.3.3.55,10.30.30.55
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-04f4037c-6788-4042-857f-b8f41decfe2b - c:\progra~3\INSTAL~1\{2ED2A~1\Setup.exe
AddRemove-FilesFrog Update Checker - c:\users\user\AppData\Local\FilesFrog Update Checker\uninstall.exe
AddRemove-IECT2504091 - c:\programdata\Conduit\IE\CT2504091\UninstallerUI.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\YoutubeAdblocker\n9w.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Tablet\Pen\WacomHost.exe
.
**************************************************************************
.
Completion time: 2014-04-15 22:32:54 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-15 15:32
ComboFix2.txt 2014-04-15 13:36
.
Pre-Run: 87,014,809,600 bytes free
Post-Run: 118,559,195,136 bytes free
.
- - End Of File - - B17B0A489811DA9BBA38AAC327268859
A36C5E4F47E84449FF07ED3517B43A31
 

jikugawa

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by user on Tue 04/15/2014 at 22:37:37.13.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4/15/2014 10:38:08 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Naver deleted successfully
C:\PROGRA~2\save Neti deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\user\AppData\Roaming\systweak deleted successfully
C:\Users\user\AppData\Roaming\WinRAR deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3466406832-2390920417-1956101866-1000\Software\Microsoft\Internet Explorer\SearchScopes\{109F1B7A-1B8C-4D60-B3DC-7F246FD10629} deleted successfully
HKEY_USERS\S-1-5-21-3466406832-2390920417-1956101866-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86DCBC24-B29F-4C3D-BE10-2C1D7CA4D9AB} deleted successfully
HKEY_USERS\S-1-5-21-3466406832-2390920417-1956101866-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{858A5679-DEDC-97F1-7504-9897F99E8A08} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{858A5679-DEDC-97F1-7504-9897F99E8A08} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{858A5679-DEDC-97F1-7504-9897F99E8A08} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F6C07882-D703-4DD5-905A-2C4E815A5066} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6C07882-D703-4DD5-905A-2C4E815A5066} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\user\AppData\LocalLow\{858A5679-DEDC-97F1-7504-9897F99E8A08} deleted
C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\{858A5679-DEDC-97F1-7504-9897F99E8A08} deleted
C:\Users\user\daemonprocess.txt deleted
C:\Users\user\.android deleted
C:\PROGRA~2\Vuze_Remote deleted
C:\found.000 deleted
C:\Users\user\AppData\Local\CRE deleted
C:\Users\user\AppData\Local\NativeMessaging deleted
C:\Users\user\AppData\Local\Mobogenie deleted
C:\Users\user\AppData\Local\cache deleted
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\windows\SysNative\Tasks\SomotoUpdateCheckerAutoStart deleted
C:\windows\SysNative\Tasks\BackgroundContainer Startup Task deleted
C:\Users\user\AppData\LocalLow\Vuze_Remote deleted
C:\Users\user\AppData\LocalLow\PriceGong deleted
C:\Users\user\AppData\LocalLow\Conduit deleted
C:\Users\user\Documents\Optimizer Pro deleted
C:\Users\user\Documents\Mobogenie deleted
C:\Users\user\Downloads\MadobeNanami-engfix.themepack.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [03/06/2014 06:08 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nen8kd3r.default
- . - %ProfilePath%\extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi
- Shopping Suggestion - %ProfilePath%\extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Deleted Firefox Extensions ======================

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nen8kd3r.default\extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[12/21/2013 01:04 PM]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[08/14/2013 03:24 PM]
ojpijjmpahflnipadmlpgbjmagmjchkk - C:\Users\user\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ojpijjmpahflnipadmlpgbjmagmjchkk - C:\Users\user\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx[]

SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - Administrator\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - Guest\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - Guest\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - Guest\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - Guest\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
SNT - user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
mirai - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnbokpfpcljfmbhjfgfaanpdbnhlkio
RealDownloader - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
YoutubeAdblocker - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic
Vuze Remote - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
SNT - user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem
Design my eMail - user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
savE net - user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd
YoutubeAdblocker - user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic

==== Chrome Fix ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojpijjmpahflnipadmlpgbjmagmjchkk_0.localstorage deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ojpijjmpahflnipadmlpgbjmagmjchkk_0 deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljgenmdicddcogimgmcoeohpfagjicic_0.localstorage deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com?SearchSource=10&CUI=UN10359633551056513&UM=1&ctid=CT2504091"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.amaizingsearches.i...0&hid=955109179370552787&lg=EN&cc=ID&unqvl=51"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.amaizingsearches.i...0&hid=955109179370552787&lg=EN&cc=ID&unqvl=51"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{86DCBC24-B29F-4C3D-BE10-2C1D7CA4D9AB}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86DCBC24-B29F-4C3D-BE10-2C1D7CA4D9AB}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{52009912-2436-47D4-9E9D-613674B7C9F3} Google Url="http://www.google.com/search?q={sea...ie={inputEncoding?}&oe={outputEncoding?}&rlz="
{61D35EE5-A220-4A69-87CA-AE6CBC705D19} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3466406832-2390920417-1956101866-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-3466406832-2390920417-1956101866-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3466406832-2390920417-1956101866-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-3466406832-2390920417-1956101866-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\04f4037c-6788-4042-857f-b8f41decfe2b deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\nen8kd3r.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1274 folders=333 46347740 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\HomeGroupUser$\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\user\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\user\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 04/15/2014 at 22:45:58.95 ======================
 

jikugawa

New Member
Thread author
Apr 15, 2014
10
after

but the surrogate keeps increasing, unless I'm not connected to the internet and not opening the download folder. And one more thing! I noticed when I insert a TF and SD card, it always treats both as the H: disk, and asks me to format them (luckily, my TF card is still safe, no need to format). And btw, thanks for your help :) especially for your warning about ComboFix....

Btw, is it safe to run Microsoft Security Essentials now? I'm scanning...
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's run one more fix:


Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Open FRST and click Fix. Attach that report after it is finished.
 

Attachments

  • fixlist.txt
    2 KB · Views: 103

jikugawa

New Member
Thread author
Apr 15, 2014
10
Well, the dll host number keeps cruising... In less than one minute, the number will cruise to 1.000.000 K, but only when I open the download folder; no damage is inflicted when I open another program. PC booting speed decreased to its normal state, like before this happened. That concludes my report now. Anything else?
 

jikugawa

New Member
Thread author
Apr 15, 2014
10
sure

EDITED:
Now the download folder is empty and there's no sign of dll host. In the new place (which in this case was another folder in my *D: drive*), there's no sign of dll host either.....

But the dll number will cruise again if I change my view option from *detail* to anything above that, except in the picture library. (The download folder previously contained a lot of pictures, and I set the view to large icons.)

From this fact, I assume we shouldn't put any pictures in any folder with the view set to large icons unless it is the picture library...
So the main trouble is putting pictures in the wrong library, with the *view* option set to anything above detail. Put your pictures in the picture library if you want to set the view to large icons.

That concludes my report now....

Is the problem solved now? If it is, then I really thank you for your help... since the dll host number is not rocketing again.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, your PC is clean.


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
